CVE-2004-0583

Name of the Vulnerable Software and Affected Versions Webmin version 1.140 Usermin versions prior to 1.070-r1

Description The issue concerns the account lockout functionality, which does not properly parse certain character strings. This allows remote attackers to perform brute force attacks to guess user IDs and passwords. Multiple vulnerabilities in the Usermin package can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations For Webmin version 1.140, update to a version that addresses the account lockout functionality issue. For Usermin versions prior to 1.070-r1, update to version 1.070-r1 or later to resolve the multiple vulnerabilities. As a temporary workaround, consider restricting access to the account lockout functionality until a patch is available.